When employees fire up their company-issued mobile devices at home or at the airport, they often use the technology for both business and personal pursuits like blogging. According to one industry expert, it's a very dangerous trend.

"Many people blog from work and mobile platforms and that's very bad ... Blogs are one of the bad guys' tools." -- Don Ulsch, risk management director, Jefferson Wells International Inc.

Such activities illustrate how important it is for companies to keep close tabs on what their workers are doing on corporate devices, Don Ulsch, technology risk management director in the Boston office of Jefferson Wells International, told security executives during a lunchtime presentation on emerging threats on 9 .

"Many people blog from work and mobile platforms and that's very bad," he said. "Blogs are one of the bad guys' tools."

He noted there are approximately 100 million blogs across cyberspace and many of them are used by organised criminal outfits to push gambling and pornography. When an employee does personal blogging on a company machine and corporate email account, blog databases are able to suck in a wealth of email data. Digital miscreants can then use sophisticated data mining software to scan the blogs for proprietary information that may be sitting in some of those stored messages, he said.

"They can analyse millions of messages and use what they find -- trade secrets, for example -- for hostile purposes," he said.

Over time, he said, online thieves can take seemingly unimportant details from those blog messages and piece them together in a way that allows them to see the big picture of what a company may be up to.

Ulsch said companies need to start taking the blogging phenomenon more seriously from a security perspective, and that a good starting point is to put a blog restriction policy in place.

"Employees must be told they can't use work email extensions for activities like this," he said. "If they have to blog, make them use an alias email address, communicate the risks and monitor for compliance."

Ulsch used the recent DuPont case as an example of what can happen when companies don't pay attention to what their employees are doing.

Min joined DuPont in 1995 but began exploring a new job opportunity in Asia in 2005 with Victrex, a DuPont competitor. Shortly after opening the dialog with Victrex, Min reportedly proceeded to download approximately 22,000 abstracts from DuPont's data library and accessed about 16,700 documents. After Min gave his notice, DuPont discovered what he was up to and brought in the FBI. He eventually pleaded guilty to the crime and he is expected to be sentenced soon. He faces up to a decade in prison and a $250,000 fine.

"He was doing things DuPont should have seen as red flags, like downloading 22,000 abstracts and documents from the secure DuPont database," Ulsch said. "He was doing this 15 to 20 hours at a time. Had the company better understood the trust but verify concept, this might not have happened."

Ulsch said the proliferation of mobile technology among employees is increasing the likelihood that something bad will happen to the companies they work for. The bad guys are more likely to exploit employee activities like blogging to get at company secrets, and more data breaches are likely to result from the loss or theft of mobile devices.

"You're looking at a greater distribution of targeted information and there isn't as much monitoring of mobile devices because it's a lot more difficult than monitoring office-based PCs and servers," he said. "People are also less likely to observe company security policies and procedures when they're outside the office, and it's more difficult for employees to observe risky behavior among their colleagues when they're not there."
